[Pkg-net-snmp-commits] [pkg-net-snmp] 03/03: fix CVE-2014-2285 for wheezy
Hideki Yamane
henrich at moszumanska.debian.org
Mon Sep 15 15:19:37 UTC 2014
This is an automated email from the git hooks/post-receive script.
henrich pushed a commit to branch wheezy
in repository pkg-net-snmp.
commit b2142f10bf5caa44d10dbf2d5af6f3852dd760bf
Author: Hideki Yamane <henrich at debian.org>
Date: Sun Mar 30 20:20:13 2014 +0900
fix CVE-2014-2285 for wheezy
---
debian/changelog | 1 +
debian/patches/TrapReceiver.patch | 31 +++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 33 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index a929af5..155a3f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ net-snmp (5.4.3~dfsg-2.8+deb7u1) stable-proposed-updates; urgency=medium
Red Hat Bugzilla.
Thanks to "Christian Ruppert" <c.ruppert at babiel.com> for the report
(Closes: #721224)
+ - add TrapReceiver.patch to fix CVE-2014-2285
-- Hideki Yamane <henrich at debian.org> Sun, 04 May 2014 08:59:03 +0900
diff --git a/debian/patches/TrapReceiver.patch b/debian/patches/TrapReceiver.patch
new file mode 100644
index 0000000..0973f83
--- /dev/null
+++ b/debian/patches/TrapReceiver.patch
@@ -0,0 +1,31 @@
+Description: Fixes Perl Trap Handler Segfault with old Perl (e.g. Perl 5.8.8) (CVE-2014-2285)
+Origin: upstream
+Bug: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/
+Last-Update: 2014-03-30
+
+--- net-snmp-5.7.2.1~dfsg.orig/perl/TrapReceiver/TrapReceiver.xs
++++ net-snmp-5.7.2.1~dfsg/perl/TrapReceiver/TrapReceiver.xs
+@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu
+ STOREPDUi("securitymodel", pdu->securityModel);
+ STOREPDUi("securitylevel", pdu->securityLevel);
+ STOREPDU("contextName",
+- newSVpv(pdu->contextName, pdu->contextNameLen));
++ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
+ STOREPDU("contextEngineID",
+- newSVpv((char *) pdu->contextEngineID,
++ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
+ pdu->contextEngineIDLen));
+ STOREPDU("securityEngineID",
+- newSVpv((char *) pdu->securityEngineID,
++ newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
+ pdu->securityEngineIDLen));
+ STOREPDU("securityName",
+- newSVpv((char *) pdu->securityName, pdu->securityNameLen));
++ newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
+ } else {
+ STOREPDU("community",
+- newSVpv((char *) pdu->community, pdu->community_len));
++ newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
+ }
+
+ if (transport && transport->f_fmtaddr) {
diff --git a/debian/patches/series b/debian/patches/series
index 08dd835..7141dfe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ bug#721224_entries_over50.patch
65_CVE-2012-2141.patch
66_formatstrings.patch
67_CVE-2014-2310.patch
+agentx-crash.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-net-snmp/pkg-net-snmp.git
More information about the Pkg-net-snmp-commits
mailing list